Sign up now to get free exclusive access to reports, research and invitation only events.
The 10 worst security breaches of all time from unencrypted data
Every day it seems we run into another contender for our 'Laptop Losers Hall of Shame'. This dubious honour is for government agencies, corporations and colleges that fail to safeguard the personal information of their employees and customers. These security breaches cause harm and embarrassment to citizens and put them at risk for identity theft. Encryption software can prevent most of these incidents. Here's a list of the 10 biggest (known) security breaches from lost or stolen laptops, according to a chronology of data breaches compiled by the US Privacy Rights Clearinghouse. We're counting down to the worst laptop theft of all time. Can you guess who the "winner" is?
#1 US Department of Veterans Affairs: The US Department of Veterans Affairs doesn't appear to be winning the battle on mobile data security. In May 2006, an agency employee had a laptop stolen from his home that contained names, social security numbers, dates of birth, phone numbers and addresses for 28.6 million veterans, active-duty and reserve military personnel. Two teens were arrested for the crime. Although the FBI claims no data was taken from the stolen laptop, several class-action law suits were filed against the agency.
#10 Ameriprise Financial: 'Twas the night before Christmas, and Ameriprise Financial lost a laptop with customer names, social security numbers and account information from 228,000 customers. The US investment advisor lost the laptop in December 2005, when it was stolen out of an employee's car. The holidays weren't too happy for the employee, who was promptly fired. The laptop was recovered by local law enforcement eight months later.
#4 Davidson County: In a modern-day version of Watergate, a person broke into the Davidson County Election Commission offices in Nashville over the Christmas holidays and stole laptops that contained the names and social security numbers for 337,000 voters. The police recovered the hard drives from the stolen laptops several weeks later, and they believe the data was not tampered with. The suspected thief turned himself in to police, saying he had sold the laptops for US$80 and a six-pack of beer.
#7 Ernst & Young: Who's auditing these laptops? Ernst & Young had two laptops stolen in 2006 that put sensitive data from 284,000 people at risk. In February 2006, a laptop was stolen from an employee's car that stored names and Social Security numbers for 38,000 employees of British Petroleum, Sun, Cisco and IBM. Three months later, a laptop was stolen from a different employee's car that contained the names, addresses and credit or debit card information for 243,000 customers of Hotels.com.
#5 Lifeblood: This laptop theft was a real bloodletting. In February 2008, Lifeblood, the regional US blood bank serving Memphis, reported two laptops missing and presumed stolen. The laptops contained names, addresses, birth dates, social security numbers, telephone numbers, e-mail addresses and drivers' license numbers for 321,000 donors. Even blood type and cholesterol levels were included in the database. A US$20,000 reward was available for any information leading up to an arrest.
#6 Horizon Blue Cross Blue Shield: Let's hope this laptop was insured. Horizon Blue Cross Blue Shield announced in January 2008 that one of its laptops was stolen. The laptop contained the names, social security numbers and other personal information for 300,000 of its members. The data was password-protected but not encrypted. The laptop was being taken home by an employee when it was stolen.
#2 Gap: The Gap's clothes may be hip, but its information security policies are not. In September 2007, a third-party vendor that manages job applicant data for Gap had a laptop stolen from its offices that contained personal data for 800,000 job applicants. The data included names and social security numbers for people who applied online or by phone for store positions between July 2006 and June 2007. That's not quite the bargain these fashion-lovers were looking for!
#3 Boeing: With all those rocket scientists on staff, it's amazing that Boeing hasn't figured out how to secure its laptops. Boeing had three separate incidents of laptops being stolen along with sensitive employee data. In November 2005, a laptop was stolen with social security numbers and bank account information for 161,000 employees. In April 2006, a laptop with social security numbers for 3,600 employees was stolen from an human resources employee at the airport. In December 2006, a laptop was stolen from an employee's car that had names, addresses, salary information, social security numbers and dates of birth for 382,000 employees. Total employees whose data was put at risk: 546,600.
#8 CGI: The consulting firm CGI found itself in deep kimchi after one of its employees had a laptop stolen that contained personal and financial data from 283,000 New York City retirees. The laptop was stolen from a Korean restaurant at 8:30 p.m. on a Saturday night in August 2007. The consultant was working on a project for New York City's Financial Information Services Agency. The city's controller later demanded that CGI pay for credit protection measures for the city's pensioners who were put at risk for identity theft.
#9 Memorial Blood Center: Here's a laptop loss that really hurts. Memorial Blood Centers, a US blood bank, announced in December 2007 that a laptop containing donor information had been stolen. The laptop contained names and Social Security numbers for 268,000 blood donors. The laptop was stolen from a briefcase during preparations for a blood drive.